
Http://www.passcert.com
The safer, easier way to help you pass any IT exams.

Exam : H12-711_V3.0-ENU

Title : HCIA-Security V3.0

Version : V8.02

1. Regarding the description of the Windows log event type, which of the following is correct? (Multiple Choice)
A. Warning event refers to an event that the application, driver or service is successful.
B. Error events usually refer to the loss of functionality and data. For example, if a service cannot be loaded at system boot, an error event is generated.
C. When the disk space is insufficient, it will be recorded as an "information event".
D. Failure audit event refers to a failed security login attempt; for example, a failure when a user tries to access a network drive is recorded as a failure audit event.
Answer: BD

2. Which types of the following can the encryption technology be divided into? (Multiple Choice)
A. Symmetrical encryption
B. Asymmetric encryption
C. Fingerprint encryption
D. Data encryption
Answer: AB

3. Which of the following is the status information that can be backed up by the HRP (Huawei
Redundancy Protocol) protocol? (Multiple Choice)
A. Session table
B. ServerMap entry
C. Dynamic blacklist
D. Routing table
Answer: ABC

4. Which of the following is the core part of the P2DR model?
A. Policy
B. Protection
C. Detection
D. Response
Answer: A

5. Evidence identification needs to solve the integrity verification of evidence and determine whether it meets the standards that can be used. Regarding the standards of evidence identification, which of the following statements is correct?
A. Relevance standard refers to that if the electronic evidence can have a material impact on the facts of
the case to a certain extent, the court should rule that it is relevant.
B. Objective standard refers to the acquisition, storage, and submission of electronic evidences shall be
legal, and the basic rights such as national interests, social welfare and personal privacy do not constitute
strict violations.
C. Legality standard is to ensure that electronic evidence is collected from the initial acquisition, and the
content is not changed in the process of submission as litigation evidence.
D. Fair standard refers to that only the legal subject obtains the evidentiary material by legal means has
evidentiary ability.

Answer: A

6. Data Analysis Technology is to find, match keywords or key phrases, and analyze the correlation of
time in data streams or information streams that have been obtained.
Which of the following does not belong to evidence analysis technology?
A. Password decipherment, data decryption technology
B. File Digital Summary Analysis Technology
C. Exploring the technology of the connection between different evidence
D. Spam tracking technology
Answer: D

7. About AH and ESP security protocols, which of the following statements are correct? (Multiple Choice)
A. AH can provide the functions of encryption and verification
B. ESP can provide the functions of encryption and verification
C. AH's protocol number is 51
D. ESP's protocol number is 51
Answer: BC

8. DDoS attack belongs to which attack type?
A. Snoop scan attack
B. Malformed packet attack
C. Special packet attack
D. Flow type attack
Answer: D

9. About SSL VPN technology, which of the following statements is wrong?
A. SSL VPN technology is perfect for NAT traversal scenarios
B. Encryption of SSL VPN technology only takes effect on the application layer
C. SSL VPN requires dial client
D. SSL VPN technology expands the network range of enterprises
Answer: C

10. Which options can be operated in the advanced settings of the Windows Firewall? (Multiple Choice)
A. Restore default
B. Change Notification Rules
C. Set connection safety rules
D. Set inbound and outbound rules
Answer: CD

11. When configuring NAT Server on the USG Series Firewall, a Server-Map table is generated. Which item below does not belong to the content of this table entry?
A. Destination IP
B. Destination port number
C. Protocol number
D. Source IP
Answer: D

12. Which attack below does not belong to a special packet attack?
A. ICMP redirection packet attack
B. ICMP unreachable packet attack
C. IP address scan attack
D. Super ICMP Packet Attack
Answer: C

13. Which attack below is not a malformed packet attack?
A. TEARDROP attack
B. Smurf attack
C. TCP shard attack
D. ICMP unreachable message attack
Answer: D

14. The "Caesar cipher" mainly encrypts by using a stick of specific specifications.
A. True
B. False
Answer: B

15. Which of the following is a remote authentication method? (Multiple Choice)
A. RADIUS
B. Local
C. HWTACACS
D. LLDP
Answer: AC

16. When the firewall hard disk is in place, which of the following statements about the firewall log is correct?
A. Administrators can announce the content log to view the detection and defense record of network
threats
B. Administrators can understand the user's security risk behavior and the cause of the alarm or blocking
reason via threat logs.
C. Administrators know the user's behavior, the keyword of the exploitation, and the effectiveness of the
audit policy configuration through user activity logs.
D. Administrators can use the security policy in which traffic hits in the policy, for fault location when there
is a problem.
Answer: D

17. In the Client-Initiated VPN configuration, it is generally recommended to plan the address pool and
headquarters network address as different network segments, otherwise you need to turn on the proxy
forwarding function on the gateway device.

A. True
B. False
Answer: B

18. Which items are the encryption techniques used by digital envelopes? (Multiple Choice)
A. Symmetrical encryption algorithm
B. Asymmetric encryption algorithm
C. Hash algorithm
D. Flow encryption algorithm
Answer: AB

19. In addition to supporting built-in Portal authentication, firewall also supports custom Portal
authentication, and does not require separate deployment of external Portal servers when using custom
Portal authentication.
A. True
B. False
Answer: B

20. NAPT technology can implement a public IP address for multiple private network hosts.
A. True
B. False
Answer: A

21. IPSec VPN technology does not support NAT traversal when packets are encapsulated with the ESP security protocol, because ESP encrypts the header of the packet.
A. True
B. False
Answer: B

22. Which item is correct about SSL VPN?
A. Can be used without the client
B. Can encrypt the IP layer
C. There is a NAT traversal problem
D. No authentication
Answer: A

23. Some applications, such as Oracle database applications, have no data flow for a long time, so the firewall session connection is interrupted, resulting in business interruption. Which of the following is the optimal solution?
A. Configure a long connection for one business
B. Open the ASPF function
C. Optimize safety strategy
D. Open Split Cache
Answer: A

24. "Implementing security monitoring management for information and information systems, preventing
illegal use of information and information systems", is to achieve which feature in information security?
A. Confidentiality
B. Controllability
C. Non-repudiation
D. Integrity
Answer: B

25. When configuring a security policy, a security policy can reference the address set or configure
multiple destination IP addresses.
A. True
B. False
Answer: A

26. Which of the following does not belong to the quintuple?
A. Source IP
B. Source MAC
C. Destination IP
D. Destination port
Answer: B

27. Which of the following statements is wrong about the Client-Initiated L2TP VPN?
A. After the remote user accesses the Internet, the L2TP tunnel connection request can be initiated directly from the remote LNS through the client software.
B. The LNS device receives the user's L2TP connection request, and the user can be verified according
to the username and password.
C. LNS assign private IP addresses for remote users.
D. The remote users do not need to install VPN client software
Answer: D

28. About the description of the vulnerability scan, which of the following is wrong?
A. Vulnerability Scan is a technology based on network remote monitoring target network or host security
performance vulnerability, which can be used to simulate attack experiments and security audits.
B. Vulnerability scan is used to detect if the target host system has a vulnerability, generally a scan for a
specific vulnerability for the target host
C. Vulnerability scan is a passive prevention measure to effectively avoid hacker attack behavior
D. Vulnerability scan can be used according to the results of ping scanning and port scanning
Answer: C

29. Regarding the firewall security strategy, which of the following is wrong?
A. If the security policy is Permit, the discarded message will not be accumulated "hitting"
B. When configuring the security policy name, you cannot reuse the same name.
C. Adjust the order of the security policy, do not need to save the configuration file, take effect immediately

D. Huawei USG series firewall security strategy entry cannot exceed 128
Answer: D

30. What protection levels are included in TCSEC standard? (Multiple Choice)
A. Verification Protection
B. Forced Protection
C. Self-protection
D. Passive Protection
Answer: ABC

31. Which of the options below are components of the PKI architecture? (Multiple Choice)
A. Terminal entity
B. Certificate certification authority
C. Certificate registration authority
D. Certificate Storage authority
Answer: ABCD

32. "Be good at observation" and "keep suspicion" can help us better identify security threats in the online
world.
A. True
B. False
Answer: A

33. In tunnel encapsulation mode, there is no need to have a route to the destination private network segment, because the data is re-encapsulated with a new IP header, which is used to look up the routing table.
A. True
B. False
Answer: B

34. About the description of the Windows firewall, which of the following statements are correct? (Multiple
Choice)
A. Windows firewalls can only allow or prohibit preset programs or features and programs installed on the
system, and cannot customize the release rules in accordance with protocols or port numbers.
B. Windows firewall not only allows or prohibits preset programs or features and programs installed on the system, but also supports customizing the release rules in accordance with protocols or port numbers.
C. If the Internet cannot be accessed in the process of setting up the Windows firewall, you can quickly restore the firewall to the initial state using the restore defaults function.
D. Windows firewall can change the notification rule in the closed state
Answer: BC

35. Regarding the investigation and evidence collection, which of the following statement is correct?
A. Evidence is not necessarily needed in an investigation
B. Evidence acquired by eavesdropping is also effective
C. During all investigation and evidence, preferably with law enforcement involved.

D. Document evidence is required in computer crimes
Answer: C

36. Regarding the online user management, which of the following is incorrect?
A. Each user group can include multiple users and user groups
B. Each user group can belong to multiple parent user groups
C. The system has a default user group by default, and it is also the system default authentication
domain.
D. Each user at least belongs to one user group, or it can belong to multiple user groups.
Answer: B

37. Which of the following is not used by the Detection link in the P2DR model?
A. Real-time monitoring
B. Detection
C. Alarm
D. Close service
Answer: D

38. Which item below is not a Linux operating system?
A. CentOS
B. RedHat
C. Ubuntu
D. MAC OS
Answer: D

39. In some scenarios, it is necessary to convert both the source IP address and the destination IP address. Which of the following technologies is used in these scenarios?
A. Two-way NAT
B. Source NAT
C. NAT-Server
D. NAT ALG
Answer: A

40. Which protocols below can guarantee the confidentiality of data transmission? (Multiple Choice)
A. Telnet
B. SSH
C. FTP
D. HTTPS
Answer: BD

41. On the USG series firewall, after configuring the web redirection, the authentication page cannot pop up. Which item below does not belong to the cause?
A. Unconfigured authentication policy or authentication policy configuration error
B. The Web authentication function is not enabled

C. Browser SSL version is not matched with the firewall authentication page SSL version
D. The port number of the authentication page service is set to 8887
Answer: D

42. Which is the order of the four stages of the Information Security Management System (ISMS) in the
following options?
A. Plan->Check->Do->Action
B. Check->Plan->Do->Action
C. Plan->Do->Check->Action
D. Plan->Check->Action->Do
Answer: C

43. Which of the following behavior is needed in the "Check" section in the construction management
cycle of the information security system?
A. Safety management system design
B. Implementation of safety management system
C. Risk assessment
D. Safety management system operation monitoring
Answer: D

44. Check the HRP status information of the firewall as follows:
HRP_S[USG_B] display hrp state
The firewall's config state is: Standby
Current state of virtual routers configured as standby:
GigabitEthernet1/0/0 vrid 1: standby
GigabitEthernet1/0/1 vrid 2: standby
According to the above information, which of the following descriptions is correct?
A. This firewall VGMP group status is Active
B. The VRRP group status of this firewall G1/0/0 and G1/0/1 interface is standby
C. This firewall's HRP heartbeat interface is G1/0/0 and G1/0/1
D. This firewall must be in a preemptive state
Answer: B

45. Into which types can servers be divided according to their shape? (Multiple Choice)
A. Blade server
B. Tower server
C. Rack server
D. x86 server
Answer: ABC

46. Common scan attacks include: port scan tools, vulnerability scanning tools, application scan tools and
database scanning tools, etc.
A. True
B. False

Answer: B

47. When firewalls are divided according to the protection subject, Windows firewall belongs to ______.
A. Software firewall
B. Hardware firewall
C. Single machine firewall
D. Network firewall
Answer: C

48. Which of the following are ways for a PKI entity to apply for a local certificate from a CA? (Multiple Choice)
A. Online application
B. Local application
C. Network application
D. Offline application
Answer: AD

49. IPS (Intrusion Prevention System) is a defense system that can block an intrusion in real time when it is found.
A. True
B. False
Answer: A

50. Which of the following is not a symmetrical encryption algorithm?
A. DES
B. 3DES
C. AES
D. RSA
Answer: D

51. Regarding the firewall security zone, which of the following statements are correct? (Multiple Choice)
A. The firewall has four security zones by default, and the four security zone priorities do not support
modification.
B. A firewall can have 12 security zones at most
C. Firewall can create two security areas of the same priority
D. When data flow occurs between different security zones, the security check of the device is triggered,
and the corresponding security policy is implemented.
Answer: AD

52. Digital certificates can be divided into local certificates, CA certificates, root certificates, and
self-signed certificates depending on the use scenario.
A. True
B. False
Answer: B

53. Which of the following statements is wrong about the root CA certificate?
A. The issuer is CA
B. The certificate subject name is CA
C. Public key information is the public key of CA
D. Signature is generated by the CA public key encryption
Answer: D

54. Which configuration below can implement NAT ALG function?
A. nat alg protocol
B. alg protocol
C. nat protocol
D. detect protocol
Answer: D

55. Regarding the anti-virus response method of the firewall gateway for the HTTP protocol, which of the following statements is incorrect?
A. After the gateway device blocks the HTTP connection, it pushes a web page to the client and generates a log.
B. Response methods include declaration and blocking
C. In alarm mode, the device only generates a log and does not process the file transferred over the HTTP protocol.
D. Blocking means the device disconnects from the HTTP server and blocks the file transfer.
Answer: B

56. Which of the following is not a user authentication method in a USG firewall?
A. Authentication exemption
B. Password authentication
C. Single sign-on
D. Fingerprint authentication
Answer: D

57. Both GE1/0/1 and GE1/0/2 of the firewall are in the DMZ area. If the area connected to GE1/0/1 needs to access the area connected to GE1/0/2, which of the following is correct?
A. Need to configure local to DMZ security policies
B. No need to do any configuration
C. You need to configure domain security policies
D. Need to configure security policies from DMZ to Local
Answer: B

58. For the process of forwarding the first packet of a session between firewall zones, there are several steps:
1. Find the routing table
2. Find the inter-zone packet filtering rule
3. Find the session table

4. Find the blacklist
Which order below is correct?
A. 1->3->2->4
B. 3->2->1->4
C. 3->4->1->2
D. 4->3->1->2
Answer: C

59. Administrators want to know the current session table. Which of the following commands is correct?
A. clear firewall session table
B. reset firewall session table
C. display firewall session table
D. display session table
Answer: B

60. Which of the following is the basic function of anti-virus software? (Multiple Choice)
A. Prevent virus
B. Find virus
C. Clear virus
D. Copy virus
Answer: ABC

61. The European TCSEC criterion is divided into two modules of function and evaluation, mainly in the
military, government, and business.
A. True
B. False
Answer: B

62. In the future development trend of information security, terminal detection is an important link. Which methods fall into the category of terminal detection? (Multiple Choice)
A. Install the host anti-virus software
B. Monitoring the procedure equipment
C. Prevent users from accessing public search engines
D. Monitor host registry modification records
Answer: ABD

63. Write a rule with iptables that does not allow 172.16.0.0/16 to access this device. Which rule is correct?
A. iptables -t filter -A INPUT -s 172.16.0.0/16 -p all -j DROP
B. iptables -t filter -P INPUT -s 172.16.0.0/16 -p all -j DROP
C. iptables -t filter -P INPUT -s 172.16.0.0/16 -p all -j ACCEPT
D. iptables -t filter -P INPUT -d 172.16.0.0/16 -p all -j ACCEPT
Answer: A

64. Regarding the HRP standby configuration consistency check contents, which of the following is not included?
A. NAT policy
B. Whether the heartbeat interface of the same serial number is configured
C. The next hop and outbound interface of the static route
D. Authentication policy
Answer: C

65. In the USG series firewall, you can use the ______ function to provide a well-known application service on a non-well-known port.
A. Port mapping
B. MAC and IP address binding
C. Packet filtering
D. Long connection
Answer: A

66. What item is not included in the design principle of questionnaire surveys?
A. Integrity
B. Openness
C. Specificity
D. Consistency
Answer: B

67. To implement the "anti-virus function" in the security policy, you must perform license activation.
A. True
B. False
Answer: A

68. The configuration command regarding the NAT address pool is as follows:
nat address-group 1
section 0 202.202.168.10 202.202.168.20
mode no-pat
Among them, the meaning of the NO-PAT parameter is:
A. Do not convert address
B. Perform port multiplexing
C. Do not convert the source port
D. Do not convert destination ports
Answer: C

69. On the surface, threats such as viruses, vulnerabilities, and Trojan horses are the causes of
information security incidents, but at the root, information security incidents are also closely related to
people and the information system itself.
A. True
B. False

Answer: A

70. When connecting to Wi-Fi in public places, which of the following is relatively safer?
A. Connect to unencrypted Wi-Fi hotspots
B. Connect to the paid Wi-Fi hotspot provided by the operator and only browse the Internet
C. Connect to unencrypted free Wi-Fi for online shopping
D. Connect to encrypted free Wi-Fi for online transfer operations
Answer: B

71. Which of the following is the action to be taken in the summary phase of cybersecurity emergency
response? (Multiple Choice)
A. Establish a defense system and specify control measures
B. Evaluate the implementation of emergency plans and propose follow-up improvement plans
C. Judging the effectiveness of isolation measures
D. Evaluate the members of the emergency response organization
Answer: BD

72. Regarding port mirroring, which of the following descriptions are correct? (Multiple Choice)
A. The mirror port copies the packet to the observing port
B. The observation port sends the received message to the monitoring device
C. The mirror port sends the received message to the monitoring device
D. The observing port copies the packet to the mirror port
Answer: AB

73. Which of the following options is the protocol number of GRE?
A. 46
B. 47
C. 89
D. 50
Answer: B

74. Which of the following descriptions of the VGMP protocol is wrong?
A. VGMP adds multiple VRRP backup groups on the same firewall to a management group, and the
management group manages all VRRP backup groups in a unified manner
B. VGMP uniformly controls the switching of the status of each VRRP backup group to ensure that the
status of all VRRP backup groups in the management group is consistent.
C. VGMP group devices in Active state will periodically send hello messages to the opposite end, and the standby end is only responsible for listening to hello messages and will not respond
D. By default, when the standby end does not receive the hello message sent by the opposite end for
three hello message cycles, it will consider the opposite end to be faulty and switch itself to the Active
state.
Answer: C

75. For data communication between the two communicating parties, if an asymmetric encryption algorithm is used for encryption, when A sends data to B, which of the following keys will be used for data encryption?
A. A's public key
B. A's private key
C. B's public key
D. B's private key
Answer: C

76. IPSec VPN uses an asymmetric encryption algorithm to encrypt the transmitted data.
A. True
B. False
Answer: B

77. Regarding GRE encapsulation and decapsulation, which of the following descriptions is wrong?
A. In the encapsulation process, the original data packet is sent to the Tunnel interface through the route
search, and then GRE encapsulation is started.
B. In the encapsulation process. After encapsulation by the GRE module, the data packet will enter the IP
module for further processing
C. In the decapsulation process. After receiving the GRE message, the destination end passes the data
packet to the Tunnel interface by searching for a route, and then starts GRE decapsulation.
D. In the decapsulation process, after the GRE module decapsulates, the data packet will enter the IP
module for further processing
Answer: C

78. The repair of antivirus software only needs to repair some system files that were accidentally deleted
when checking and killing viruses to prevent system crashes.
A. True
B. False
Answer: A

79. Which of the following does not belong to the classification of cybersecurity incidents?
A. Major cybersecurity incidents
B. Special cybersecurity incidents
C. General cybersecurity incidents
D. Major cybersecurity incidents
Answer: B

80. Regarding single sign on, which of the following statements are correct? (Multiple Choice)
A. The device can identify users who have passed the authentication by the identity authentication system
B. There is only one deployment mode for AD domain single sign on
C. Although there is no need to enter the user password, the authentication server needs to interact with
the user password and the device to ensure that the authentication is passed
D. AD domain single sign on can be synchronized to the firewall by mirroring the login data stream
Answer: AD

81. Regarding the relationship and role of VRRP/VGMP/HRP, which of the following statements are
correct? (Multiple Choice)
A. VRRP is responsible for sending gratuitous ARP to direct traffic to the new master device when the
master device is switched.
B. VGMP is responsible for monitoring equipment failures and controlling the fast switching of equipment
C. HRP is responsible for data backup during dual-system hot backup operation
D. The VGMP group in the Active state may contain the VRRP group in the Standby state
Answer: ABC

82. The administrator PC is directly connected to the management port of the USG firewall and uses the
web method to perform initialization operations. Which of the following statements is correct? (Multiple
Choice)
A. The browser of the management PC visits http://192.168.0.1
B. The IP address of the management PC is manually set to 192.168.0.2-192.168.0.254
C. The browser of the management PC visits http://192.168.1.1
D. Set the network card of the management PC to automatically obtain an IP address
Answer: ABD

83. In the Huawei SDSec solution, which layer of equipment does the firewall belong to?
A. Analysis layer
B. Control layer
C. Executive level
D. Monitoring layer
Answer: C

84. When deploying dual-system hot backup on the firewall, in order to switch the overall state of the VRRP
backup group, which of the following protocols is required?
A. VRRP
B. VGMP
C. HRP
D. OSPF
Answer: B

85. The online scenario of internal users in the enterprise is shown in the figure. The user online process
is as follows:
1. After the authentication is passed, the USG allows the connection to be established
2. The user accesses the internet and enters http://1.1.1.1
3. USG push authentication interface
4. The user successfully accesses http://1.1.1.1, and the device creates a session table
5. The user enters the correct user name and password
Which of the following is the correct process sequence?

A. 2->5->3->1->4
B. 2->3->5->1->4
C. 2->1->3->5->4
D. 2->3->1->5->4
Answer: B

86. Regarding the description of firewall dual-system hot backup, which of the following options are
correct? (Multiple Choice)
A. When multiple areas on the firewall need to provide dual-system backup, multiple VRRP backup
groups need to be configured on the firewall
B. The state of all VRRP backup groups of the same VGMP management group on the same firewall is
required to be consistent
C. The firewall dual-system hot backup needs to synchronize the backup of the session table, MAC table,
routing table and other information between the master device and the slave device
D. VGMP is used to ensure the consistency of all VRRP backup group switching
Answer: ABD

87. Which of the following is the encryption technology used in the digital envelope?
A. Symmetric encryption algorithm
B. Asymmetric encryption algorithm
C. Hashing algorithm
D. Streaming algorithm
Answer: B

88. Regarding the matching conditions of the security policy, which of the following options are correct?
(Multiple Choice)
A. The "source security zone" in the matching condition is an optional parameter
B. "Time period" in the matching condition is an optional parameter
C. "Application" in the matching condition is an optional parameter
D. "Service" in the matching condition is an optional parameter
Answer: ABCD

89. The attacker responds to the request by sending ICMP and sets the destination address of the request packet to the broadcast address of the victim network. What kind of attack does this behavior belong to?
A. IP spoofing attack
B. Smurf attack
C. ICMP redirect attack

D. SYN flood attack
Answer: B

90. Regarding the order of the PKI work process, which of the following is correct?
1. The communication terminal applies for the CA certificate
2. PKI reply to CA certificate
3. Obtain each other's certificates and verify the validity
4. Install the local certificate on the communication end
5. PKI issues local certificates
6. The correspondent applies for a local certificate
7. Install the CA certificate on the communication end
8. Communicate with each other
A. 1-2-6-5-7-4-3-8
B. 1-2-7-6-5-4-3-8
C. 6-5-4-1-2-7-3-8
D. 6-5-4-3-1-2-7-8
Answer: B

91. Clients in the Trust zone of the firewall can log in to the FTP server in the Untrust zone, but cannot
download files. Which of the following methods can solve the problem? (Multiple Choice)
A. Release 21 port number between Trust and Untrust
B. When the FTP working mode is port mode, modify the security policy action from Trust to Untrust zone
to allow
C. Enable detect ftp
D. When FTP working mode is Passive mode, modify the security policy action from Trust to Untrust zone
to allow
Answer: CD

92. Which of the following is not part of the digital certificate?
A. Public key
B. Private key
C. Validity period
D. Issuer
Answer: B

93. Regarding the description of TCP/IP protocol stack packet decapsulation, which of the following is
correct? (Multiple Choice)
A. The data message is first transmitted to the data link layer. After parsing, the data link layer information
is stripped, and the network layer information is known based on the analysis information, such as IP
B. After the transport layer (TCP) receives the data message, the transport layer information is stripped
after parsing, and the upper layer processing protocol is known based on the parsing information, such as
UDP
C. After the network layer receives the data message, the network layer information is stripped after parsing, and the upper layer processing protocol is known based on the parsing information, such as HTTP
D. After the application layer receives the data message, the application layer information is stripped after
parsing, and the final user data displayed is exactly the same as the data sent by the sender host
Answer: AD

94. Which of the following is not a key technology of anti-virus software?
A. Shelling technology
B. Self-protection
C. Format the disk
D. Real-time update virus database
Answer: C

95. Which of the following options are malicious programs? (Multiple Choices)
A. Trojan Horse
B. Vulnerabilities
C. Worms
D. Viruses
Answer: ACD

96. Which of the following options are the key elements of information security protection? (Multiple
Choice)
A. Asset management
B. Safe operation and maintenance and management
C. Security products and technologies
D. Personnel
Answer: BCD

97. Which of the following is not a major form of computer crime?
A. Plant a Trojan horse into the target host
B. Hacking the target host
C. Use a computer to conduct personal surveys
D. Use scanning tools to collect network information without permission
Answer: C

98. When deploying the IPSec VPN tunnel mode, the AH protocol is used for packet encapsulation. In the
header field of the new IP packet, which of the following parameters does not require data integrity
verification?
A. Source IP address
B. Destination IP address
C. TTL
D. Identification
Answer: C

99. When configuring a GRE Tunnel interface, which of the following parameters does the Destination
address generally refer to?
A. Local Tunnel interface IP address
B. Outbound IP address of the local external network
C. The external IP address of the peer
D. IP address of the remote tunnel interface
Answer: C

100. Which of the following options belong to application risks? (Multiple Choice)
A. Network virus
B. Email Security
C. Database system configuration security
D. WEB service security
Answer: ABCD

101. Security policy conditions can be divided into multiple fields, such as source address, destination
address, source port, destination port, etc. These fields have an "and" relationship, that is, the policy is
considered hit only when the information in the message matches all fields.
A. True
B. False
Answer: A

102. Regarding the description of SSL VPN, which of the following is correct?
A. Can be used without a client
B. The IP layer can be encrypted
C. There is a NAT traversal problem
D. No authentication required
Answer: A

103. Regarding the description of the four-way handshake for disconnecting the TCP connection, which of
the following is wrong?
A. The active closing party sends the first FIN to execute the active closing, and the other party receives
the FIN and the execution is closed
B. When the passive shutdown receives the first FIN, it will send back an ACK and randomly generate an
acknowledgment sequence number.
C. The passive closing party needs to send an end-of-file character to the application, and the application
closes its connection and causes a FIN to be sent
D. After the passive closing party sends FIN, the active closing party must send back a confirmation and
set the confirmation sequence number to the received sequence number plus 1
Answer: B

104. Which of the following is not an asymmetric encryption algorithm?
A. DH
B. MD5
C. DSA
D. RSA
Answer: B

105. Regarding Client-Initiated VPN, which of the following statements are correct? (Multiple choice)
A. A tunnel is established between each access user and LNS
B. Each tunnel carries only one L2TP session and PPP connection
C. Each tunnel carries multiple L2TP sessions and PPP connections
D. Each tunnel carries multiple L2TP sessions and one PPP connection
Answer: AB

106. Regarding the firewall security policy statement, which of the following options is wrong?
A. If the security policy is permit, the discarded packets will not accumulate the "hit times"
B. When configuring the security policy name, the same name cannot be used repeatedly
C. Adjust the order of the security policy without saving the configuration file, it will take effect immediately
D. The number of security policy entries of Huawei USG series firewalls cannot exceed 128
Answer: D

107. Which of the following VPN technologies support encrypting data messages? (Multiple choice)
A. SSL VPN
B. GRE VPN
C. IPSec VPN
D. L2TP VPN
Answer: AC

108. Which of the following is the user name/password for the first login of the USG series firewall?
A. Username admin
Password Admin@123
B. Username admin
Password admin@123
C. Username admin
Password admin
D. Username admin
Password Admin123
Answer: A

109. In the process of using the server, there are various security threats. Which of the following options is
not a server security threat?
A. Natural disasters
B. DDoS attack
C. Hacking
D. Malicious program
Answer: A

110. Regarding Client-Initialized L2TP VPN, which of the following statements is wrong?
A. After remote users access the Internet, they can directly initiate an L2TP tunnel connection request to
the remote LNS through the client software
B. The LNS device receives the user's L2TP connection request, and can verify the user based on the
user name and password
C. LNS assigns private IP addresses to remote users
D. Remote users do not need to install VPN client software
Answer: D

111. Which of the following options is not included in the survey object targeted by the questionnaire in the
safety assessment method?
A. Network system administrator
B. Security Administrator
C. HR
D. Technical leader
Answer: C

112. The vulnerabilities that have not been discovered are 0 day vulnerabilities
A. True
B. False
Answer: B

113. Regarding the problem that users with two-way binding in authentication-free mode cannot access
network resources, which of the following options are possible reasons? (Multiple choices)
A. Authentication-free users and authenticated users are in the same security zone
B. The authentication-free user does not use a PC with the specified IP/MAC address
C. The authentication action in the authentication policy is set to "no account/authentication-free"
D. Online users have reached the maximum value
Answer: BD

114. ASPF (Application Specific Packet Filter) is a packet filtering technology based on the application
layer and implements a special security mechanism through the server-map table.
Regarding ASPF and server-map tables, which of the following are correct? (Multiple choice)
A. ASPF monitors the messages in the communication process
B. ASPF can dynamically create server-map tables
C. ASPF dynamically allows multi-channel protocol data to pass through the server-map table
D. The five-tuple server-map table entry implements a function similar to the session table
Answer: ABC

115. Which of the following are functions of address translation technology? (Multiple choice)
A. Address translation can enable internal network users (private IP addresses) to access the Internet
B. Address translation can make many hosts in the internal LAN share an IP address to surf the Internet
C. Address translation can handle encrypted IP headers
D. Address translation can shield users on the internal network and improve the security of the internal
network
Answer: ABD

116. Regarding NAT address translation, which of the following statements is wrong?
A. Configure the NAT address pool in the source NAT technology, you can configure only one IP address
in the address pool
B. Address conversion can provide FTP, WWW, Telnet and other services outside the local area network
according to the needs of users
C. Some application layer protocols carry IP address information in the data, and when NAT is performed
on them, the IP address information in the upper layer data must be modified
D. For some non-TCP, UDP protocols (such as ICMP, PPTP), NAT conversion is not possible
Answer: D

117. Regarding the relationship and function of VRRP/VGMP/HRP, which of the following statements is
correct? (Multiple choice)
A. VRRP is responsible for sending gratuitous ARP to direct the traffic to the new master device when the
master device is switched.
B. VGMP is responsible for monitoring equipment failures and controlling the fast switching of equipment
C. HRP is responsible for data backup during the dual-system hot backup operation
D. A VGMP group in the Active state may contain a VRRP group in the Standby state
Answer: ABC

118. When the firewall upgrades the signature database and virus database online through the security
service center, the firewall must first be able to connect to the Internet, and secondly, the correct DNS
address must be configured.
A. True
B. False
Answer: A

119. Which of the following is not a symmetric encryption algorithm?
A. DES
B. 3DES
C. AES
D. RSA
Answer: D

120. The results seen through display ike sa are as follows. Which of the following statements is wrong?
A. IKE SA has been established
B. IPSec SA has been established
C. The neighbor address is 2.2.2.1
D. IKE uses the V1 version
Answer: B

121. Regarding the comparison between Windows and Linux, which of the following statements is wrong?
A. It is difficult for new Linux users to get started, and some learning and guidance are needed.
B. Windows can be compatible with most software and play most games
C. Linux is open source code, you can do whatever you want
D. Windows is open source, you can do whatever you want
Answer: D

122. Which of the following options belong to the core elements of the IATF (Information Assurance
Technology Framework) model? (Multiple choices)
A. Environment
B. People
C. Technology
D. Operation
Answer: BCD

123. Which of the following are multi-user operating systems? (Multiple choice)
A. MSDOS
B. UNIX
C. LINUX
D. Windows
Answer: BCD

124. The preservation of electronic evidence is directly related to the legal effect of evidence. The
authenticity and reliability of the preservation in accordance with legal procedures can be guaranteed.
Which of the following is not an evidence preservation technology?
A. Encryption technology
B. Digital certificate technology
C. Digital signature technology
D. Message mark tracking technology
Answer: D

125. In which of the following situations will the VGMP group not actively send VGMP messages to the
opposite end?
A. The dual-system hot backup function is enabled
B. Manually switch the firewall status between active and standby
C. Firewall service interface failure
D. Session table entry changes
Answer: D

126. Which of the following options can be operated in the advanced settings of the Windows firewall?
(Multiple choice)
A. Restore default values
B. Change notification rules
C. Set connection security rules
D. Set up inbound and outbound rules
Answer: CD

127. Regarding the security policy configuration command, which of the following is correct?
#
security-policy
 rule name rule1
  source-zone trust
  destination-zone untrust
  source-address 10.1.0.0 0.0.255.255
  service icmp
  action deny
#
A. Prohibit ICMP packets from the trust zone to the untrust zone and the destination address is 10.1.10.10
host
B. Prohibit ICMP packets from all hosts that access the untrust zone from the trust zone and the
destination address is the 10.1.0.0/16 network segment
C. Prohibit all host ICMP packets from the trust zone to the untrust zone and the source address is
10.1.0.0/16 network segment
D. Prohibit all host ICMP packets from the trust zone to the untrust zone and the source address is
10.2.10.10
Answer: C

128. In information security protection, commonly used security products include firewalls, Anti-DDoS
equipment, and IPS/IDS equipment
A. True
B. False
Answer: A

129. If the administrator uses the default "default" authentication domain to authenticate the user, the user
only needs to enter the user name when logging in; if the administrator uses the newly created
authentication domain to authenticate the user, the user needs to enter "Username@Certified domain name"
when logging in.
A. True
B. False
Answer: A

130. Digital certificate technology solves the problem that the owner of the public key cannot be
determined in digital signature technology
A. True
B. False
Answer: A

131. Which of the following options belong to the technical characteristics of the intrusion prevention
system? (Multiple choices)
A. Online mode
B. Real-time blocking
C. Self-learning and self-adaptation
D. Straight route deployment
Answer: ABC

132. Regarding the firewall security policy, which of the following is correct?
A. By default, the security policy can control unicast packets and broadcast packets.
B. By default, the security policy can control multicast
C. By default, the security policy only controls unicast packets.
D. By default, the security policy can control unicast messages, broadcast messages and multicast
messages
Answer: C

133. In the process of using the digital envelope, which of the following information will be encrypted?
(Multiple choice)
A. Symmetric key
B. User data
C. Recipient's public key
D. Receiver's private key
Answer: AB

134. Which of the following options belong to the certification field of ISO27001? (Multiple choice)
A. Access control
B. Personnel safety
C. Vulnerability management
D. Business continuity management
Answer: ABCD

135. Regarding the description of firewall, which of the following is correct?
A. The firewall cannot transparently access the network.
B. Adding a firewall to the network will inevitably change the topology of the network.
C. In order to avoid a single point of failure, the firewall only supports bypass deployment
D. According to different usage scenarios, the firewall can be deployed in a transparent mode or in a
three-in-one mode.
Answer: D

136. On Huawei USG series devices, the administrator wants to erase the configuration file. Which of the
following commands is correct?
A. clear saved-configuration
B. reset saved-configuration
C. reset current-configuration
D. reset running-configuration
Answer: B

137. For the description of buffer overflow attacks, which of the following options are correct? (Multiple
choice)
A. Buffer overflow attacks exploit the flaws of the software system's memory operations to run attack
codes with high operating privileges.
B. Buffer overflow attacks have nothing to do with the vulnerabilities and architecture of the operating
system.
C. Buffer overflow attack is one of the common methods in the behavior of attacking software systems
D. Buffer overflow attacks are application layer attacks.
Answer: ACD

138. Security technology has different methods in different technical levels and fields. Which of the
following devices can be used for network layer security protection? (Multiple choice)
A. Vulnerability scanning equipment
B. Firewall
C. Anti-DDoS equipment
D. IPS/IDS equipment
Answer: BCD

139. IPSEC VPN technology does not support NAT traversal when encapsulated with ESP security
protocol, because ESP encrypts the header of the message
A. True
B. False
Answer: B

140. Which of the following options belong to the function of SSL VPN? (Multiple choice)
A. User authentication
B. Port scan
C. File sharing
D. WEB rewrite
Answer: ACD

141. In the digital signature process, which of the following items are mainly used for HASH algorithm to
verify the integrity of data transmission?
A. User data
B. Symmetric key
C. Recipient's public key
D. Receiver's private key
Answer: A

142. Which of the following traffic, when it matches the authentication policy, will trigger authentication?
A. Access to the device or the traffic initiated by the device
B. DHCP, BGP, OSPF, LDP packets
C. Traffic of visitors accessing HTTP services
D. DNS packet corresponding to the first HTTP service data flow
Answer: C

143. Both GE1/0/1 and GE1/0/2 ports of the firewall belong to the DMZ zone. If you want to realize that
the area connected by GE1/0/1 can access the area connected by GE1/0/2, which of the following is
correct?
A. Need to configure the security policy from local to DMZ
B. No configuration required
C. Need to configure inter-domain security policies
D. Need to configure DMZ to local security policy
Answer: B

144. Using a computer to store information about criminal activities is not a method of computer crime
A. True
B. False
Answer: B

145. Regarding IKE SA, which of the following descriptions is wrong?
A. IKE SA is two-way
B. IKE is an application layer protocol based on UDP
C. IKE SA serves for IPSec SA
D. The encryption algorithm used in user data packets is determined by IKE SA
Answer: D

146. Regarding VPN, which of the following statements is wrong?
A. Virtual private network has lower cost than dedicated line
B. VPN technology must involve encryption technology
C. VPN technology is a technology that multiplexes logical channels on actual physical lines
D. The emergence of VPN technology allows employees on business trips to remotely access the internal
server of the enterprise
Answer: B

147. Which of the following are the standard port numbers of the FTP protocol? (Multiple choice)
A. 20
B. 21
C. 23
D. 80
Answer: AB

148. Information security grade protection is to improve the overall national security level, and at the same
time to rationally optimize the allocation of security resources, so that it can return the greatest security
economic benefits
A. True
B. False
Answer: A

149. In response to network security incidents, remote emergency response is generally taken first. If the
problem cannot be solved for the customer through remote access, after the customer confirms, it will be
transferred to the local emergency response process.
A. True
B. False
Answer: A

150. Usually we will divide servers into two categories: general servers and functional servers. Which of
the following options meets this classification standard?
A. Divided by application level
B. Divided by purpose
C. Divided by shape
D. Divided by system architecture
Answer: B

151. NAPT technology can realize a public IP address for multiple private network hosts
A. True
B. False
Answer: A

152. After the firewall uses the hrp standby config enable command to enable the standby device
configuration function, all the information that can be backed up can be directly configured on the standby
device, and the configuration on the standby device can be synchronized to the active device
A. True
B. False
Answer: A

153. Which of the following options belong to the characteristics of the symmetric encryption algorithm?
(Multiple choices)
A. Fast encryption speed
B. Slow confidentiality
C. Key distribution is not secure
D. High key distribution security
Answer: AC

154. Which of the following are harms caused by traffic-based attacks? (Multiple choices)
A. The network is down
B. Server down
C. Data is stolen
D. The webpage has been tampered with
Answer: AB

155. Intrusion Prevention System (IPS) is a defense system that can block intrusions in real time
A. True
B. False
Answer: A

156. Which of the following options is not included in the consistency check of the HRP master and
backup configuration?
A. NAT policy
B. Whether the heartbeat interface with the same serial number is configured
C. Next hop and outgoing interface of the static route
D. Authentication strategy
Answer: C

157. Regarding the NAT configuration statement, which of the following is wrong?
A. Configure source NAT in transparent mode, the firewall does not support easy-ip mode
B. The IP address in the address pool can overlap with the public IP address of the NAT server
C. When there are VoIP services in the network, NAT ALG is not required to be configured
D. The firewall does not support NAPT conversion of ESP and AH packets
Answer: B

158. Regarding the actions of the security policy and the description of the security configuration file,
which of the following options are correct? (Multiple choice)
A. If the action of the security policy is "Forbidden", the device will discard this traffic, and no further
content security checks will be performed.
B. The security configuration file can take effect without being applied to the security policy where the
action is allowed
C. The security configuration file must be applied to the security policy where the action is allowed to take
effect
D. If the security policy action is "allow", the traffic will not match the security profile
Answer: AC

159. Which of the following options are included in the encryption technology to protect data during data
transmission? (Multiple choice)
A. Confidentiality
B. Controllability
C. Integrity
D. Source verification
Answer: ACD

160. After a network attack occurs, set isolation areas, summarize data, and estimate losses according to
the plan. Which stage of the cyber security emergency response is the above actions?
A. Preparation stage
B. Testing phase
C. Inhibition phase
D. Recovery phase
Answer: C

161. IPSec VPN uses an asymmetric encryption algorithm to encrypt the transmitted data
A. True
B. False
Answer: B

162. The digital certificate uses a third-party organization to impartially attest to the public key, thereby
ensuring the non-repudiation of data transmission. Therefore, only the certificate of the communicating party
is required to confirm the correctness of the public key.
A. True
B. False
Answer: B

163. Digital signature is to generate a digital fingerprint by using a hash algorithm to ensure the integrity of
data transmission
A. True
B. False
Answer: A

164. Regarding the description of the firewall fragment caching function, which of the following options are
correct? (Multiple choice)
A. By default, the firewall caches fragmented packets
B. After configuring the direct forwarding of fragmented packets, the firewall will forward fragmented
packets that are not the first fragment of packets according to the inter-domain security policy
C. For fragmented packets, NAT ALG does not support the processing of SIP fragmented packets
D. By default, the maximum fragment cache number of an IPV4 message is 32, and the maximum
fragment cache number of an IPv6 message is 255
Answer: AC

165. The SIP protocol uses SDP messages to establish a session, and the SDP message contains a
remote address or multicast address
A. True
B. False
Answer: A

166. Which of the following attacks is not a network attack?
A. IP spoofing attack
B. Smurf attack
C. MAC address spoofing attack
D. ICMP attack
Answer: C

167. What versions of the SNMP protocol are there? (Multiple choice)
A. SNMPv1
B. SNMPv2b
C. SNMPv2c
D. SNMPv3
Answer: ACD

168. Regarding the description of the preemption function managed by VGMP, which of the following is
wrong?
A. By default, the preemption function of the VGMP management group is enabled
B. By default, the preemption delay time of the VGMP management group is 40s
C. Preemption means that when the original failed master device recovers from a failure, its priority will be
restored, and you can regain its own status as the master
D. After the VRRP backup group is added to the VGMP management group, the original preemption
function on the VRRP backup group becomes invalid
Answer: B

169. In the IPSec VPN transmission mode, which part of the data message is encrypted?
A. Network layer and upper layer data packets
B. Original IP header
C. New IP header
D. Transport layer and upper layer data messages
Answer: D

170. Regarding the Windows log, which of the following descriptions is wrong?
A. The system log is used to record events generated by operating system components, mainly including
driver, system components and application software crashes and data
B. The system log of Windows Server 2008 is stored in Application.evtx
C. Application log contains events recorded by applications or system programs, mainly recording events
related to program operation
D. The security log of Windows Server 2008 is stored in security.evtx
Answer: B

171. Regarding the description of IP Spoofing, which of the following is wrong?
A. IP spoofing attacks are launched by using the normal IP address-based trust relationship between
hosts
B. After an IP spoofing attack is successful, the attacker can use any forged IP address to imitate a
legitimate host to access key information
C. The attacker needs to disguise the source IP address as a trusted host and send a data segment
marked with SYN to request a connection
D. Hosts in a trust relationship based on IP addresses can log in directly without entering password
verification
Answer: C

172. In the USG series firewall, which of the following commands can be used to query the NAT
conversion result?
A. display nat translation
B. display firewall session table
C. display current nat
D. display firewall nat translation
Answer: B

173. The preservation of electronic evidence is directly related to the legal effect of evidence, and its
authenticity and reliability can only be guaranteed if it conforms to legal procedures. Which of the
following is not an evidence preservation technique?
A. Encryption technology
B. Digital certificate technology
C. Digital signature technology
D. Message mark tracking technology
Answer: D

174. Which of the following is the status information that can be backed up by the HRP (Huawei
Redundancy Protocol) protocol? (Multiple choice)
A. Session table
B. ServerMap table entries
C. Dynamic blacklist
D. Routing table
Answer: ABC

175. As shown in the figure, a TCP connection is established between client A and server B. Which of the
following should be the serial number of the "?" message in the two places in the figure?
A. a+1:a
B. a:a+1
C. b+1:b
D. a+1:a+1
Answer: D

176. According to different usage scenarios, digital certificates can be divided into local certificates, CA
certificates, root certificates and self-signed certificates, etc.
A. True
B. False
Answer: B

177. Which of the following is the encryption technology used in the digital envelope?
A. Symmetric encryption algorithm
B. Asymmetric encryption algorithm
C. Hashing algorithm
D. Stream encryption algorithm
Answer: B

178. Which of the following are remote authentication methods? (Multiple choice)
A. RADIUS
B. Local
C. HWTACACS
D. LLDP
Answer: AC

179. Regarding IPSec SA, which of the following statements is correct?
A. IPSec SA is one-way
B. IPSec SA is bidirectional
C. Used to generate encryption keys
D. Used to generate secret algorithms
Answer: A

180. Which of the following is not included in the steps of the safety assessment method?
A. Manual audit
B. Penetration testing
C. Questionnaire
D. Data analysis
Answer: D

181. Which item stipulates that "spam should be detected and protected at key network nodes, and the
upgrade and update of the spam protection mechanism should be maintained"?
A. Malicious code prevention
B. Communication transmission
C. Centralized control
D. Border protection
Answer: A

182. Which of the following options does not belong to the five-tuple range?
A. Source IP
B. Source MAC
C. Destination IP
D. Destination port
Answer: B

183. In a stateful inspection firewall, when the stateful inspection mechanism is turned on, when the
second packet (SYN+ACK) of the three-way handshake arrives at the firewall, if there is no corresponding
session table on the firewall, which of the following descriptions is correct?
A. The firewall does not create a session table, but allows packets to pass
B. If the firewall security policy allows packets to pass, create a session table
C. Packets must not pass through the firewall
D. The message must pass through the firewall and establish a session
Answer: C

184. In the VRRP (Virtual Router Redundancy Protocol) group, the main firewall regularly sends
notification messages to the backup firewall, and the backup firewall is only responsible for monitoring
notification messages and will not respond
A. True
B. False
Answer: B

185. Huawei USG firewall VRRP notification message is a multicast message, so each firewall in the
backup group must be able to achieve direct layer 2 intercommunication
A. True
B. False
Answer: A

186. Because the server is a kind of computer, we can use our personal computer as a server in the
enterprise.
A. True
B. False
Answer: B

187. As shown in the figure is an application scenario of a NAT server, when using the web configuration
method for this configuration. Which of the following statements is correct? (Multiple choice)

A. When configuring the interzone security policy, you need to set the source security zone to Untrust and
the target security zone to DMZ
B. When configuring NAT Server, the internal address is 10.1.1.2 and the external address is 200.10.10.1
C. When configuring the interzone security policy, set the source security zone to DMZ and the target
security zone to Untrust
D. When configuring NAT Server, the internal address is 200.10.10.1 and the external address is 10.1.1.2.
Answer: AB

188. In the configuration of L2TP, for the command Tunnel Name, which of the following statements are
correct? (Multiple choice)
A. Used to specify the local tunnel name
B. Used to specify the tunnel name of the opposite end
C. Tunnel Names on both ends must be consistent
D. If Tunnel Name is not configured, the tunnel name is the local system name
Answer: AD

189. Which of the following types of attacks are DDoS attacks?
A. Snooping scan attack
B. Malformed message attack
C. Special message attack
D. Traffic attacks
Answer: D

190. In the USG system firewall, you can use which function to provide well-known application services
for non-well-known ports?
A. Port mapping
B. MAC and IP address binding
C. Packet filtering
D. Long connection
Answer: A

191. Regarding the command to view the number of security policy matches, which of the following is
correct?
A. display firewall sesstion table
B. display security-policy all
C. display security-policy count
D. count security-policy hit
Answer: B

192. Which of the following options belongs to the Layer 2 VPN technology?
A. SSL VPN
B. L2TP VPN
C. GRE VPN
D. IPSec VPN
Answer: B

193. Regarding the description of the advanced settings of the Windows firewall, which of the following
options are wrong? (Multiple choice)
A. When setting the pushstack rules, only the local port can be restricted, but the remote port cannot be
restricted
B. When setting the pushstack rules, both the local port and the remote port can be restricted
C. When setting the popstack rules, only the local port can be restricted, but the remote port cannot be
restricted
D. When setting the popstack rules, both the local port and the remote port can be restricted
Answer: BD

194. Regarding the description of VGMP group management, which of the following is wrong?
A. All changes in the active/standby status of a VRRP backup group need to be notified to the VGMP
management group it belongs to
B. The interface types and numbers of the heartbeat ports of the two firewalls can be different, as long as
the Layer 2 interoperability can be ensured.
C. The VGMP of the active and standby firewalls periodically send hello messages
D. The active and standby equipment learns the status of each other through the heartbeat line exchange
messages, and backs up related commands and status information.
Answer: B

195. In the security assessment method, the purpose of security scanning is to use scanning analysis and
assessment tools to scan the target system in order to find relevant vulnerabilities and prepare for attacks
A. True
B. False
Answer: B

196. Which of the following attacks is not a malformed message attack?
A. Teardrop attack
B. Smurf attack
C. TCP Fragmentation Attack
D. ICMP unreachable packet attack
Answer: D

197. Regarding IKE SA, which of the following descriptions is wrong?
A. IKE SA is two-way
B. IKE is an application layer protocol based on UDP
C. IKE SA serves for IPSec SA
D. The encryption algorithm used in user data packets is determined by IKE SA
Answer: D

198. In the construction of an information security system, a security model is needed to accurately
describe the relationship between important aspects of security and system behavior
A. True
B. False
Answer: A

199. Security policy conditions can be divided into multiple fields, such as source address, destination
address, source port, destination port, etc. These fields have an "and" relationship, that is, a message is
considered to have hit this policy only if its information matches all of the fields.
A. True
B. False
Answer: B

200. The matching principle of the security policy is: first search for the manually configured inter-domain
security policy, if it does not match, then directly discard the data packet.
A. True
B. False
Answer: A

201. Which of the following are the response actions after the gateway anti-virus detects the mail virus?
(Multiple choice)
A. Warning
B. Block
C. Declaration
D. Delete attachment
Answer: ACD

202. Digital signature is to generate a digital fingerprint by using a hash algorithm to ensure the integrity of
data transmission
A. True
B. False
Answer: A

203. Regarding NAT address conversion, which of the following statements is wrong?
A. When configuring the NAT address pool in the source NAT technology, you can configure only one IP
address in the address pool
B. Address conversion can provide FTP, WWW, Telnet and other services outside the local area network
according to the needs of users
C. Some application layer protocols carry IP address information in the data, and when NAT is performed
on them, the IP address information in the upper layer data must be modified
D. For some TCP and UDP protocols (such as ICMP, PPTP), NAT conversion is not possible
Answer: D

204. When NAT Server is configured on the USG system firewall, a server-map table will be generated.
Which of the following is not included in the table?
A. Destination IP
B. Destination port number
C. Protocol number
D. Source IP
Answer: D

205. Which of the following options are malicious programs? (Multiple choice)
A. Trojan Horse
B. Vulnerabilities
C. Worms
D. Viruses
Answer: ACD

206. Which of the following are the main implementation methods of gateway anti-virus? (Multiple choice)
A. Proxy scanning method
B. Stream scanning method
C. Package inspection and killing method
D. File inspection and killing methods
Answer: AB

207. Which of the following is not a hash algorithm?
A. MD5
B. SHA1
C. SM1
D. SHA2
Answer: C

208. Regarding the description of firewall dual-system hot backup, which of the following options are
correct? (Multiple choice)
A. When multiple areas on the firewall need to provide dual-system backup, multiple VRRP backup
groups need to be configured on the firewall
B. The state of all VRRP backup groups of the same VGMP management group on the same firewall is
required to be consistent
C. The firewall dual-system hot backup needs to synchronize the backup of the session table, MAC table,
routing table and other information between the master device and the slave device
D. VGMP is used to ensure the consistency of all VRRP backup group switching
Answer: ABD

209. Which of the following is not a file format for saving certificates supported by USG6000 series
devices?
A. PKCS#12
B. DER
C. PEM
D. PKCS#
Answer: D

210. Which of the following attacks is not a special message attack?
A. ICMP redirect packet attack
B. ICMP unreachable packet attack
C. IP address scanning attack
D. Oversized ICMP packet attack
Answer: C

211. Security technology has different methods in different technical levels and fields. Which of the
following devices can be used for network layer security protection? (Multiple choice)
A. Vulnerability scanning device
B. Firewall
C. Anti-DDoS device
D. IPS/IDS device
Answer: BCD

212. Which of the following is used to encrypt digital fingerprints in digital signature technology?
A. The sender's public key
B. The sender's private key
C. Recipient's public key
D. Receiver's private key
Answer: B

213. The reason why OSPF is more commonly used than RIP is that OSPF has a device authentication
function and is more secure.
A. True
B. False
Answer: B

214. The content of intrusion detection covers authorized and unauthorized intrusion behaviors. Which of
the following behaviors does not belong to the scope of intrusion detection?
A. Impersonating other users
B. The administrator deletes the configuration by mistake
C. Plant a worm Trojan
D. Disclosure of data and information
Answer: B

215. Regarding the description of the ARP spoofing attack, which of the following is wrong?
A. The ARP implementation mechanism only considers normal business interactions, and does not do
any verification for abnormal business interactions or malicious behaviors
B. ARP spoofing attacks can only be achieved through ARP responses, not through ARP requests
C. When a host sends a normal ARP request, the attacker will preemptively answer, causing the host to
establish a wrong IP and MAC mapping relationship
D. ARP static binding is a solution to ARP spoofing attacks, mainly used in scenarios where the network
scale is not big
Answer: B

216. Which of the following mechanisms are used to implement MAC flooding attacks? (Multiple choice)
A. MAC learning mechanism of the switch
B. The forwarding mechanism of the switch
C. ARP learning mechanism
D. Limit on the number of MAC entries
Answer: ABD

217. After the firewall uses the hrp standby config enable command to enable the standby device
configuration function, all the information that can be backed up can be directly configured on the standby
device, and the configuration on the standby device can be synchronized to the active device.
A. True
B. False
Answer: A

218. In practical applications, asymmetric encryption is mainly used to encrypt user data.
A. True
B. False
Answer: B

219. When an enterprise establishes its own information system, it checks every operation in accordance
with the authoritative standards established internationally, and can check whether its own information
system is safe or not.
A. True
B. False
Answer: A

220. Which of the following is the port number used by L2TP packets?
A. 17
B. 500
C. 1701
D. 4500
Answer: C

221. Which of the following is not included in the steps of the safety assessment method?
A. Manual audit
B. Penetration testing
C. Questionnaire
D. Data analysis
Answer: D

222. IPSec VPN uses an asymmetric encryption algorithm to encrypt the transmitted data.
A. True
B. False
Answer: B

223. Regarding the firewall security policy, which of the following is correct?
A. By default, the security policy can control unicast packets and broadcast packets
B. By default, the security policy can control multicast
C. By default, the security policy only controls unicast packets
D. By default, the security policy can control unicast packets, broadcast packets and multicast packets
Answer: C

224. In the process of using the digital envelope, which of the following information will be encrypted?
(Multiple choice)
A. Symmetric key
B. User data
C. Receiver's public key
D. Receiver's private key
Answer: AB

225. Which of the following is the action to be taken in the eradication phase in cybersecurity emergency
response? (Multiple choice)
A. Look for trojan horses, illegal authorizations, and system loopholes, and deal with them in time
B. Revise the security policy based on the security incidents that occur, and enable security auditing
C. Block the attacking behavior and reduce the scope of influence
D. Confirm the degree of damage caused by the security incident and report the security incident
Answer: AB

226. Which of the following attacks can DHCP Snooping prevent? (Multiple choice)
A. DHCP Server counterfeit attack
B. Man-in-the-middle and IP/MAC spoofing attacks
C. IP spoofing attack
D. Fake DHCP lease renewal packet attack using option82 field
Answer: ABD

227. In the Huawei SDSec solution, which of the following belong to the execution layer equipment?
(Multiple choice)
A. CIS
B. Firehunter
C. Router
D. AntiDDoS
Answer: CD

228. The account authority of an employee of a company has expired, but the account can still be used to
access the company's server. Which security risks does the above scenario involve? (Multiple choice)
A. Management security risks
B. Access security risks
C. System security risks
D. Physical security risks
Answer: ABC

229. Which of the following is the default backup mode of dual-machine hot backup?
A. Automatic backup
B. Manual batch backup
C. Fast session backup
D. Configuration of the active and standby FW after the device restarts
Answer: A

230. Network administrators can collect data that needs to be analyzed on network devices through
packet capture, port mirroring or logs.
A. True
B. False
Answer: A

231. The world's first worm virus, the "Morris worm", makes people realize that as people's dependence on
computers increases, the possibility of computer networks being attacked is increasing, and it is
necessary to establish a complete emergency response system.
A. True
B. False
Answer: A

232. Which of the following is the necessary configuration of IPSec VPN? (Multiple choice)
A. Configure IKE neighbors
B. Configure IKE SA related parameters
C. Configure IPSec SA related parameters
D. Configure the stream of interest
Answer: ACD

233. In the user management of Huawei firewall, which of the following categories are included? (Multiple
choice)
A. Internet user management
B. Access user management
C. Administrator user management
D. Device user management
Answer: ABC

234. In order to obtain criminal evidence, it is necessary to master the intrusion tracking technology.
Which of the following description of the tracking technology is correct? (Multiple choice)
A. The packet recording technology inserts tracking data into the tracked IP packet, thereby marking the
packet on each router mentioned.
B. Link detection technology determines the source of the attack information by testing the network
connection between routers
C. Data packet marking technology records data packets on the router, and then uses data drilling
technology to extract information about the source of the attack
D. Shallow mail behavior analysis can realize the analysis of sending IP address, sending time, sending
frequency, number of recipients, shallow email headers and other information
Answer: BD

235. When the user uses the session authentication method to trigger the firewall's built-in Portal
authentication, the user does not actively perform identity authentication, first performs business access,
and the device pushes "redirect" to the authentication page.
A. True
B. False
Answer: A

236. Regarding the description of the intrusion detection system, which of the following is wrong?
A. The intrusion detection system can dynamically collect a large amount of key information through the
network and computer, and can analyze and judge the current state of the entire system environment in
time
B. Once the intrusion detection system finds any behavior that violates the security policy or the system
has traces of being attacked, it can implement blocking operations
C. Intrusion detection system includes all software and hardware systems used for intrusion detection
D. The intrusion detection system can be linked with firewalls and switches, becoming a powerful
"assistant" of the firewall, and better and more precisely control traffic access between domains
Answer: B

237. Which of the following belong to the encapsulation mode supported by IPSec VPN? (Multiple choice)
A. AH mode
B. Tunnel mode
C. Transmission mode
D. ESP mode
Answer: BC

238. The tunnel addresses at both ends of the GRE tunnel can be configured as addresses of different
network segments.
A. True
B. False
Answer: A

239. Regarding the description of the data packet in the iptables transmission process, which of the
following is wrong?
A. When a data packet enters the network card, it matches the PREROUTING chain firstly
B. If the destination address of the data packet is the local machine, the system will send the data packet
to the INPUT chain.
C. If the destination address of the data packet is not the local machine, the system sends the data packet
to the OUTPUT chain
D. If the destination address of the data packet is not the local machine, the system will send the data
packet to the FORWARD chain.
Answer: C

240. Regarding the description of the operating system, which of the following is wrong?
A. The operating system is the interface between the user and the computer
B. The operating system is responsible for managing all the hardware resources of the computer system
and controlling the execution of the software.
C. The interface between the operating system and the user is a graphical interface
D. The operating system itself is also software
Answer: C

241. Which of the following is not a requirement for firewall dual-machine hot backup?
A. The firewall hardware models are consistent
B. The firewall software version is consistent
C. The interface type and number used are consistent
D. The firewall interface IP addresses are consistent
Answer: D

242. Regarding the NAT policy processing, which of the following are correct? (Multiple choice)
A. Server-map is processed after status detection
B. The source NAT policy query is processed after the session is created
C. The source NAT policy is processed after the security policy is matched
D. Server-map is processed before the security policy is matched
Answer: ACD

243. Which of the following are necessary for firewall dual-machine hot backup scenarios? (Multiple
choice)
A. hrp enable
B. hrp mirror session enable
C. hrp interface interface-type interface-number
D. hrp preempt [delay interval]
Answer: AC

244. Manual audit is a supplement to tool assessment. It does not require any software to be installed on
the target system being assessed, and has no effect on the operation and status of the target system.
Which of the following is not included in the manual audit?
A. Manual detection of the host operating system
B. Manual inspection of the database
C. Manual inspection of network equipment
D. Manual inspection of the process of the administrator operating the equipment
Answer: D

245. Which of the following options belong to the default security zone of Huawei firewall? (Multiple
choice)
A. Zone
B. Trust zone
C. Untrust zone
D. Security area
Answer: BC

246. What is the warning level for major cybersecurity incidents that occur?
A. Red warning
B. Orange warning
C. Yellow warning
D. Blue warning
Answer: B

247. Regarding the source of electronic evidence, which of the following descriptions is wrong?
A. Fax information and mobile phone recordings are electronic evidence related to communication
technology.
B. Movies and TV series are electronic evidence related to network technology.
C. Database operation records and operating system logs are electronic evidence related to computers
D. The operating system logs, e-mail, and chat records can all be used as the source of electronic
evidence.
Answer: B

248. Regarding the sequence of call establishment procedures for L2TP tunnels, which of the following
descriptions is correct?
1. Establish L2TP tunnel
2. Establish a PPP connection
3. LNS authenticates users
4. User access to intranet resources
5. Establish an L2TP session
A. 1->2->3->5->4
B. 1->5->3->2->4
C. 2->1->5->3->4
D. 2->3->1->5->4
Answer: B

249. The protocol field in the IP header identifies the protocol used by the upper layer. Which of the
following field values indicates that the upper layer protocol is the UDP protocol?
A. 6
B. 17
C. 11
D. 18
Answer: B

250. According to the management regulations, regular inspections of network security systems and
equipment, patch upgrades, and network security emergency response drills are organized. To which
links of the MPDRR network security model do the above actions belong? (Multiple choice)
A. Protection link
B. Testing link
C. Response link
D. Management link
Answer: ABC

251. Information security graded protection is the basic system of national information security assurance
work.
A. True
B. False
Answer: A

252. Which of the following options is not a sign of IPSec SA?
A. SPI
B. Destination address
C. Source address
D. Security protocol
Answer: C

253. Which of the following about the difference between pre-accident prevention strategies and
post-accident recovery strategies is correct? (Multiple choice)
A. Prevention strategies focus on minimizing the possibility of accidents before they occur.
Recovery strategies focus on minimizing the impact and loss on the enterprise after the accident
B. The role of pre-disaster prevention strategies does not include minimizing the economic and reputation
losses caused by the accident
C. Recovery strategies are used to improve business high availability
D. Recovery strategies are part of the business continuity plan
Answer: AD

254. When the administrator upgrades the USG firewall software version, which of the following
operations are necessary? (Multiple choice)
A. Upload firewall version software
B. Restart the device
C. Restore factory settings
D. Specify the software version to be loaded next time
Answer: ABD

255. If there is a practical change in the company structure, it is necessary to re-test whether the business
continuity plan is feasible.
A. True
B. False
Answer: A

256. HTTP packets are carried by UDP, and the HTTPS protocol is based on the TCP three-way
handshake, so HTTPS is more secure, and HTTPS is more recommended.
A. True
B. False
Answer: B

257. In the single sign-on function for Internet users, the user authenticates directly to the AD server and
the device does not interfere with the user authentication process; the AD monitoring service needs to be
deployed in the USG device to monitor the authentication information of the AD server.
A. True
B. False
Answer: A

258. UDP port scanning means that the attacker sends a zero-byte length UDP packet to a specific port of
the target host. If the port is open, an ICMP port reachability data packet will be returned.
A. True
B. False
Answer: B

259. Regarding the business continuity plan, which of the following statements is correct? (Multiple
choice)
A. The business continuity plan does not require the participation of the company's senior management
during the project scope stage
B. Because it cannot predict all possible accidents, BCP needs to be flexible
C. The business continuity plan does not require the participation of the company's senior management
before it is formally documented
D. Not all safety incidents must be reported to the company's senior management
Answer: BCD

260. When the USG series firewall hard disk is in place, which of the following logs can be viewed?
(Multiple choice)
A. Operation log
B. Business log
C. Warning information
D. Threat log
Answer: ABCD

261. Social engineering is a method of deceiving and hurting victims through psychological traps such as
psychological weakness, instinctual reaction, curiosity, trust, and greed.
A. True
B. False
Answer: A

262. To which stage of the complete network emergency response work do applying for special funds for
emergency response and purchasing emergency response software and hardware equipment belong?
A. Preparation stage
B. Inhibition stage
C. Response stage
D. Recovery stage
Answer: A

263. Equipment sabotage attacks are generally not easy to cause information leakage, but usually cause
the interruption of network communication services.
A. True
B. False
Answer: A

264. Regarding the description of the authentication of Internet users and VPN access users, which of the
following is wrong?
A. Internet users and VPN access users share data, and user attribute checks (user status, account
expiration time, etc.) are also effective for VPN access
B. The process of local authentication or server authentication for online users is basically the same, both
of which authenticate users through authentication domains, and the user triggering methods are also the
same
C. After VPN users access the network, they can access the network resources of the corporate
headquarters, and the firewall can control the accessible network resources based on the user’s name
D. After being authenticated, VPN access users will be online at the same time on the user online list
Answer: B

265. Which of the following descriptions about the patch is wrong?
A. A patch is a small program made by the original author of the software for the discovered vulnerabilities
B. Not applying a patch does not affect the operation of the system, so it does not matter whether it is
patched or not.
C. Patches are generally updated continuously.
D. Computer users should download and install the latest patches in time to protect their systems
Answer: B

266. Regarding the description of the intrusion prevention system (IPS), which of the following is wrong?
A. The IDS device needs to be linked to the firewall to block the intrusion
B. IPS devices cannot be deployed in bypass mode in the network
C. IPS equipment can be connected in series at the network boundary and deployed online
D. Once the IPS device detects the intrusion, it can block it in real time
Answer: B

267. Regarding Huawei routers and switches, which of the following statements are correct? (Multiple
choice)
A. Routers can implement some security functions, and some routers can implement more security
functions by adding security boards
B. The main function of the router is to forward data. When the company has security requirements,
sometimes a firewall may be a more suitable choice.
C. The switch has some security functions, and some switches can realize more security functions by
adding a security board
D. The switch does not have security functions
Answer: ABC

268. Which of the following options does not belong to the log type of the Windows operating system?
A. Business log
B. Application log
C. Security log
D. System log
Answer: A

269. After a network intrusion event occurs, according to the plan to obtain the identity of the intrusion, the
source of the attack and other information, and block the intrusion behavior, which links in the PDRR
network security model do the above actions belong to? (Multiple choice)
A. Protection link
B. Testing link
C. Response link
D. Recovery link
Answer: BC

270. Regarding the vulnerability scan, which of the following is wrong?
A. The vulnerability is unknown in advance and discovered afterwards.
B. Vulnerabilities are generally patchable
C. Vulnerabilities are security risks, which can expose computers to hacker attacks
D. Vulnerabilities can be avoided
Answer: D

271. When configuring user single sign-on, the mode of receiving PC messages is adopted, and the
authentication process has the following steps:
1. The visitor's PC executes the login script and sends the user login information to the AD monitor
2. The firewall extracts the corresponding relationship between the user and IP from the login information
and adds it to the online user table
3. The AD monitor connects to the AD server to query login user information, and forwards the queried
user information to the firewall
4. The visitor logs in to the AD domain, and the AD server returns a login success message to the user
and delivers the login script.
Which of the following is the correct order?
A. 1-2-3-4
B. 4-1-3-2
C. 3-2-1-4
D. 1-4-3-2
Answer: B

272. The administrator wants to create a web configuration administrator, the device web access port
number is 20000, and the administrator is at the administrator level, which of the following commands is
correct?
A)

B)

C)

D)

A. Option A
B. Option B
C. Option C
D. Option D
Answer: A

273. Regarding the actions of the security policy and the description of the security configuration file,
which of the following options are correct? (Multiple choice)
A. If the action of the security policy is "prohibited", the device will discard this traffic, and no
further content security checks will be performed
B. The security configuration file can take effect without being applied to the security policy where the
action is allowed
C. The security configuration file must be applied to the security policy whose action is allowed to take
effect.
D. If the security policy action is "Allow", the traffic will not match the security profile
Answer: AC

274. Which of the following options are characteristics shared by the Windows system and the Linux
system? (Multiple choice)
A. Support multitasking
B. Support graphical interface operation
C. Open-source system
D. Support multiple terminal platforms
Answer: ABD

275. In the process of configuring NAT, in which of the following situations, the device will generate
Server-map entries? (Multiple choice)
A. Automatically generate server-map entries when configuring source NAT
B. After the NAT server is successfully configured, the device will automatically generate Server-map
entries
C. Server-map entries will be generated when easy-ip is configured
D. After configuring NAT No-PAT, the device will create a server-map table for the configured
multi-channel protocol data stream
Answer: BD

276. NAT technology can realize data secure transmission by encrypting data.
A. True
B. False
Answer: B

277. Which of the following sequence for incident response management is correct?
1 Detection 2 Report 3 Mitigation 4 Summarize experience 5 Repair 6 Recovery 7 Response
A. 1-3-2-7-5-6-4
B. 1-3-2-7-6-5-4
C. 1-2-3-7-6-5-4
D. 1-7-3-2-6-5-4
Answer: D

278. Regarding L2TP VPN, which of the following is wrong?
A. Applicable for employees on business trips to dial-up access to the intranet
B. Data will not be encrypted
C. Can be used in conjunction with IPsec VPN
D. Belongs to the three-tier VPN technology
Answer: D

279. Encryption technology can convert readable information into unreadable information through a
certain method.
A. True
B. False
Answer: A

280. ASPF (Application specific Packet Filter) is a packet filtering technology based on the application
layer and implements a special security mechanism through the server-map table. Regarding ASPF and
server-map tables, which of the following are correct? (Multiple choice)
A. ASPF monitors the packets in the communication process
B. ASPF can dynamically create server-map
C. ASPF dynamically allows multi-channel protocol data to pass through the server-map table
D. The five-tuple server-map table entry implements a function similar to the session table
Answer: ABC

281. The role of antivirus software and host firewall is the same.
A. True
B. False
Answer: B

282. The process of electronic evidence collection includes: protecting the scene, obtaining evidence,
preserving evidence, identifying evidence, analyzing evidence, tracking and presenting evidence.
A. True
B. False
Answer: A

283. When the command is executed on the firewall and the following information is displayed, which of
the following descriptions is correct? (Multiple choice)
HRP_A [USG A] display vrrp interface GigabitEthernet 1/0/1
GigabitEthernet1/0/1 | Virtual Router 1
VRRP Group: Active
state: Active
Virtual IP: 202.38.10.1
Virtual MAC: 0000-5e00-0101
Primary IP: 202.38.10.2
PriorityRun :100
PriorityConfig:100
MasterPriority :100
Preempt: YES Delay Time: 10
A. The VGMP group status of this firewall is Active
B. The virtual IP address of the G1/0/1 interface of this firewall is 202.38.10.2
C. The priority of the VRRP backup group with VRID 1 of this firewall is 100
D. When the main device USG_A fails, it will not switch
Answer: AC

284. In the USG series firewall system view, the device configuration will be restored to the default
configuration after the reset saved-configuration command is executed, and it will take effect without other
operations.
A. True
B. False
Answer: B

285. Which of the following is the difference between NAPT and No-PAT?
A. After No-PAT conversion, for external users, all messages come from the same IP address
B. No-PAT only supports protocol port conversion at the transport layer
C. NAPT only supports protocol address translation at the network layer
D. No-PAT supports protocol address translation at the network layer
Answer: D

286. Regarding the description of the buffer overflow attack, which of the following options are correct?
(Multiple choice)
A. Buffer overflow attack exploits the flaws in the memory operation of the software system to run the
attack code with high operating authority
B. Buffer overflow attacks have nothing to do with operating system vulnerabilities and architecture
C. Buffer overflow attack is one of the common methods in the behavior of attacking software systems
D. Buffer overflow attacks are application layer attacks
Answer: ACD

287. Which of the following is not the business scope of the National Internet Emergency Response
Center?
A. Emergency handling of security incidents
B. Early warning and notification of security incidents
C. Provide security evaluation services for government departments, enterprises and institutions
D. Cooperate with other organizations to provide training services
Answer: D

288. The host firewall is mainly used to protect the host from attacks and intrusions from the network.
A. True
B. False
Answer: A

289. Which of the following options belong to international organizations related to information security
standardization? (Multiple choice)
A. International Organization for Standardization(ISO)
B. International Electrotechnical Commission(IEC)
C. International Telecommunication Union(ITU)
D. Wi-Fi Alliance
Answer: ABC

290. In order to obtain criminal evidence, it is necessary to master the technology of intrusion tracking.
Which of the following description of the tracking technology is correct? (Multiple choices)
A. Data packet recording technology inserts tracking data into the tracked IP data packet, thereby
marking the data packet on each router passing by
B. Link testing technology determines the source of the attack information by testing the network links
between routers
C. Data packet marking technology records data packets on the router, and then uses data drilling
technology to extract information about the source of the attack
D. Shallow mail behavior analysis can realize the analysis of sending IP address, sending time, sending
frequency, number of recipients, shallow email headers and other information.
Answer: BD

291. Which of the following data does the digital signature technology encrypt to obtain a digital
signature?
A. User data
B. Recipient's public key
C. The sender's public key
D. Digital fingerprint
Answer: D

292. On Huawei USG series firewalls, the default security policy does not support modification.
A. True
B. False
Answer: B

293. In the classification of the information security level protection system, which of the following levels
define that, if the information system is damaged, it will damage the social order and public interests?
(Multiple choice)
A. First level: user self-protection level
B. Second level: system audit protection level
C. Level 3: security mark protection
D. Level 4: structured protection
Answer: BCD

294. In the Huawei SDSec solution, which of the following is an analysis layer device?
A. CIS
B. Agile Controller
C. Switch
D. Firehunter
Answer: D

295. Regarding the control actions permit and deny of the firewall inter-domain forwarding security policy,
which of the following options are correct? (Multiple choice)
A. The default security policy action of the firewall is denied
B. After the packet matches the deny action of the inter-domain security policy, the packet is immediately
discarded, and other inter-domain security policies will not continue to be executed
C. Even if the data packet matches the permit action of the security policy, it will not necessarily be
forwarded by the firewall
D. No matter whether the packet is a permit action or a deny action that matches the security policy, it will
be transferred to the UTM module for processing
Answer: ABC

296. Which of the following is not included in the Business Impact Analysis (BIA)?
A. Business priority
B. Incident handling priority
C. Impact assessment
D. Risk identification
Answer: B

297. When deploying IPSec VPN, which of the following is the main application scenario of tunnel mode?
A. Between host and host
B. Between the host and the security gateway
C. Between security gateways
D. Between host and server
Answer: C

298. The HRP (Huawei Redundancy Protocol) protocol is used to synchronize the key configuration and
connection status of the firewall to the standby firewall. Which of the following options does not belong to
the scope of synchronization?
A. Security strategy
B. NAT strategy
C. Blacklist
D. IPS signature set
Answer: D

299. Regarding the business continuity plan, which of the following statements is correct? (Multiple
choice)
A. The business continuity plan does not require the participation of the company's senior management
during the project scope stage
B. Not all possible accidents can be predicted, so the BCP needs to be flexible
C. The business continuity plan does not require the participation of the company's senior management
before it is formally documented
D. Not all safety incidents must be reported to the company's senior management
Answer: BCD

300. Common information security standards and regulations mainly include the national level protection
system (GB), ____, the American standard TCSEC and the European Union standard ITSEC.
A. ISO 27001
Answer: A

301. In the classification of the information security level protection system, which of the following levels
defines that if the information system is damaged, it will cause damage to social order and public interests?
A. The third level: security mark protection
B. The fourth level: structured protection
C. The second level: system audit protection
D. The first level: user self-protection
Answer: ABC

302. Please sort the following steps according to the level protection process.

Answer:

303. According to the HiSec solution, please drag the devices on the left into the logical architecture layer
on the right.

Answer:

304. The attacker sends a SYN packet with the same source address and destination address, or with the
loopback address as the source address, to the target host (the source port and the destination port are
the same), causing the attacked host to send a SYN-ACK message to its own address. Which kind of attack is
this behavior?
A. Smurf attack
B. SYN Flood attack
C. TCP spoofing attack
D. Land attack
Answer: D

305. Huawei’s Agile-Controller product is a _____ device in the HiSec solution.
A. Control
Answer: A

306. According to the logical structure of the HiSec solution, please drag the hierarchy of HiSec solutions
on the left to the box on the right and arrange them in order from top to bottom.

Answer:

307. In the Linux system, if the user wants to enter the tmp folder in the root directory, the command that
needs to be entered is ________ /tmp. [Fill in the blanks]
A. cd
Answer: A

308. Please sort by iptables table processing priority from largest to smallest.

Answer:

309. Regarding the NAT policy processing flow, which of the following options are correct? (Multiple
choice)
A. Server-map is processed before the security policy matches
B. The source NAT policy is processed after the security policy is matched
C. The source NAT policy query is processed after the session is created
D. Server-map is processed after status detection
Answer: ABD

310. At this stage, we have mastered three source NAT technologies, namely NAT No-PAT, ______ and
Easy IP.
A. NAPT
Answer: A

311. The default authentication domain of the USG6000 series firewall is the ______ domain.
A. default
Answer: A

312. _________ Mode: Two devices, one active and one standby. Under normal circumstances, business
traffic is handled by the main device. When the main equipment fails, the backup equipment takes over
the main equipment to process business traffic to ensure uninterrupted business.
A. Dual-system hot standby active/standby backup
Answer: A

313. The administrator wants to clear the current session table. Which of the following commands is correct?
A. display session table
B. display firewall session table
C. reset firewall session table
D. clear firewall session table
Answer: C

314. If internal employees access the Internet through a firewall and find that they cannot connect to the
Internet normally, which viewing commands can be used on the firewall to troubleshoot the interface,
security zone, security policy, and routing table? (Write any viewing command; the command-line
words must be complete and correct to score, and cannot be omitted or abbreviated)
A. display zone | display current-configuration | display ip routing-table | display security-policy rule all |
display ip interface brief
Answer: A

315. If users on the external network (where the security zone is Untrust) are allowed to access the
intranet server (where the security zone is DMZ), the destination security zone selected when configuring
the security policy is ________.
A. DMZ
Answer: A

316. Use the Ping command on the firewall to test the reachability of the server (the security zone where
the server is located is the DMZ). If the security policy is configured to allow the test traffic, the source
security zone is ______.
A. local
Answer: A

317. An employee of a company accesses the company's internal Web server through a firewall. The web
page of the website can be opened using a browser, but when the Ping command is used to test the reachability
of the Web server, it is displayed as unreachable.
What is the possible reason?
A. The security policy deployed on the firewall allows the TCP protocol, but not the ICMP protocol
B. The interface of the firewall connecting to the server is not added to the security zone
C. The security policy deployed on the firewall allows the HTTP protocol, but not the ICMP protocol
D. WEB server is down
Answer: A

318. As shown in the following, there are two Server Map entries generated after the NAT Server is
configured. Regarding the information presented in the figure, which of the following descriptions is
wrong?
Type: Nat Server, ANY -> 1.1.1.1 [192.168.1.1]
Type: Nat Server Reverse, 192.168.1.1 [1.1.1.1] -> ANY
A. The second server map function is that when 192.168.1.1 visits any address, the source address will
be converted to 1.1.1.1 after passing through the firewall.
B. The function of the first Server Map is that when any address accesses 192.168.1.1, the destination IP
will be converted to 1.1.1.1 after passing through the firewall.
C. The Server Map with the Reverse logo can be deleted using commands.
D. The two Server Map entries are static, that is, after the NAT Server is configured, the two Server Maps
will be automatically generated and exist permanently.
Answer: B

319. Please match the following malicious code classification and description one by one

Answer:

320. After an engineer configures the NAT-Server, in order to check the Server-map generated after the
configuration, he needs to use the ________ command to query the Server-map.
A. display firewall server-map
Answer: A

321. Which of the following options are suitable for business travelers to access the corporate intranet in
the public network environment? (Multiple choice)
A. L2TP over IPSec VPN
B. GRE VPN
C. MPLS VPN
D. SSL VPN
Answer: AD

322. When using the ______ function of SSL VPN, the virtual gateway will assign an internal network IP
address to the access user, which is used for the access user to access the internal network IP resources.
A. Network expansion
Answer: A

323. Which of the following are not common application scenarios of digital certificates?
A. FTP
B. HTTPS
C. IPSEC VPN
D. SSL VPN
Answer: A

324. In the symmetric encryption algorithm, the _______ algorithm is used in data communication
channels, browsers or network links.
A. Stream encryption
Answer: A

324. Please sort the following project implementation steps from the start of the project.

Answer:

326. In the _______ view of the firewall, you can use the reboot command to restart the firewall.
A. User
Answer: A

327. Please match the whole worm virus attack process and attack description.

Answer:

328. _______ is a defect in the specific implementation of hardware, software, and protocol or system
security strategy, which can enable an attacker to access or destroy the system without authorization.
A. Vulnerabilities
Answer: A

329. Gratuitous ARP can be used to detect if _____ address conflicts, and it can also refresh the MAC
address table of the switch.
A. IP
Answer: A

330. The leakage of personal information belongs to the destruction of the ________ characteristics of the
information.
A. Confidential
Answer: A

331. Normally, the port used by the FTP active mode server for data transmission is the TCP ( ) port.
A. 20
Answer: A

332. If internal employees access the Internet through a firewall and find that they cannot connect to the
Internet normally, which view commands can be used on the firewall to troubleshoot the interface state,
security zone, security policy, and routing table? (Write any view command; the command-line
words must be complete and correct to score, and cannot be omitted or abbreviated)
A. display ip routing-table display zone
Answer: A

333. When the FW is deployed at the network egress location, if a failure occurs, it will affect the main
network business. In order to improve the reliability of the network, two FWs need to be deployed and
formed ______
A. Hot standby
Answer: A

333. RFC (Request For Comment) 1918 sets aside 3 IP address ranges for private use, namely
10.0.0.0-10.255.255.255, _______, 192.168.0.0-192.168.255.255
A. 172.16.0.0-172.31.255.255
Answer: A

335. The main reason why NAPT can achieve one-to-many address translation is that ______ is also
converted while addressing, so multiple private addresses can share the same public address.
A. Port
Answer: A

336. When the company's network administrator is performing dual-system hot backup, because of the
possibility of inconsistent back and forth paths, if you want to turn on the session fast backup function, the
command you need to enter is ______.
A. hrp mirror session enable
Answer: A

337. Which of the following information is not the backup content included in the status information backup
in dual-system hot backup?
A. IPSEC tunnel
B. NAPT related entries
C. IPv4 Session Table
D. Routing table
Answer: D

338. When configuring user single sign-on, if the mode of querying the security log of the AD server is
adopted, please sort the following authentication processes:

Answer:

339. When configuring the security policy, ______ can control the flow based on the user.
A. Services and applications
Answer: A

340. Which of the following descriptions about dual-system hot backup is wrong?
A. The preemption delay is 60s by default
B. Whether it is a Layer 2 or Layer 3 interface, whether it is a business interface or a heartbeat interface, it
needs to be added to the security zone
C. The active preemption function is enabled by default
D. The dual-system hot backup function requires license support
Answer: D

341. IPv6 supports configuring the router authorization function on the device, verifying the identity of the
peer through a digital certificate, and selecting a legal device.
A. True
B. False
Answer: B

342. Which of the following SSL VPN functions can only access all TCP resources?
A. Network expansion
B. File sharing
C. WEB agency
D. Port forwarding
Answer: D

343. Which of the following description is wrong about the digital fingerprint in the digital signature?
A. It is the data obtained by the sender after calculating the plaintext information through the HASH
algorithm.
B. The receiver will use the sender’s public key to calculate the generated data fingerprint and compare it
with the received digital fingerprint.
C. Digital fingerprints are also called information digests.
D. The receiver needs to use the sender's public key to unlock the digital signature and get the digital
fingerprint.
Answer: C

344. In the PKI system architecture, _______ is the CA's window to users, and is an extension of CA's
certificate issuance and management functions. It is responsible for accepting users' certificate
registration and revocation applications, reviewing employees' identity information, and deciding whether
to apply for certificate registration and revocation. The CA submits an application to issue or revoke a
digital certificate.
A. RA
Answer: A

345. The SSL VPN routing mode determines the route of the message sent by the client. In the _______
mode, no matter what resource is accessed, the data will be intercepted by the virtual network card and
forwarded to the virtual gateway for processing.
A. Network expansion
Answer: A

346. User authentication is the authentication of the client's identity by the SSL virtual gateway, including:
________, server authentication, certificate anonymous authentication and certificate challenge
authentication.
A. Local authentication
Answer: A

347. When an information security incident occurs, the priority is to adopt _____ emergency response to
provide customers with technical support.
A. MPDRR
Answer: A

348. Drag the steps of electronic forensics on the left into the box on the right to summarize, and arrange
them from top to bottom in the order of execution.

Answer:

349. Regarding the description of the risk assessment, which of the following options is wrong?
A. Risk assessment requires training in asset collection and risk assessment methods.
B. Risk assessment needs to identify threats, vulnerabilities, and scan for security vulnerabilities.
C. Risk assessment requires assessment of risks and classification of risk levels.
D. Risk assessment requires operation of monitoring system.
Answer: D

350. The attacker scans the ports to find the ports currently open by the attacked object to determine the
attack method. In port scanning attacks, attackers usually use PortScan attack software to initiate a series
of TCP/UDP connections, and determine whether the host uses these ports to provide services based on
the response message.
Such network detection behavior is called _______ scanning.
A. Port
Answer: A

351. Please match the following protocols with their TCP/IP protocol stack layers.

Answer:

352. Please classify the main functions of the following operating systems correctly.

Answer:

353. Please classify the following servers and their functions correctly.

Answer:

354. Which of the following is not a stand-alone anti-virus technology?
A. Install anti-virus software
B. Configure anti-virus technology on the network firewall
C. Use virus detection tools
D. Patch the system
Answer: B

355. Please match the following NAT technologies and realized functions one by one

Answer:

356. In which of the following scenarios does the firewall generate a server map table? (Multiple choice)
A. NAT Server is deployed on the firewall
B. ASPF is deployed on the firewall and the traffic of the multi-channel protocol is forwarded
C. If the firewall generates a session table, it will generate a Server-map table
D. Security policies are deployed on the firewall and traffic is released
Answer: AB

357. _____ can view the direction of the traffic in the firewall.
A. Session table
Answer: A

358. The firewall imports users locally, and supports importing user information in _______ format files
and database dbm files to the local device.
A. CSV
Answer: A

359. Which of the following protocols does not belong to the protocol type that ASPF can detect?
A. PPTP
B. FTP
C. MSTP
D. DNS
Answer: C

360. After the firewall detects the virus, which of the following will release the virus?
A. Protocol not supported by firewall
B. Hit application exception
C. Source IP hits the whitelist
D. Hit virus exception
Answer: D

361. As shown in the figure, the nat server global 202.106.1.1 inside 10.10.1.1 is configured on the firewall.
Which of the following configuration is correct for inter-domain rules?

A. rule name c, source-zone untrust, destination-zone trust, destination-address 202.106.1.1 32, action
permit
B. rule name d, source-zone untrust, destination-zone trust, destination-address 10.10.1.1 32, action
permit
C. rule name b, source-zone untrust, destination-zone trust, source-address 10.10.1.1 32, action permit
D. rule name b, source-zone untrust, destination-zone trust, source-address 202.106.1.1 32, action
permit
Answer: B

362. Which of the following NAT technologies can realize a public network address to provide source
address translation for multiple private network addresses? (Multiple choice)
A. NAPT
B. NAT Server
C. Easy-ip
D. NAT No-PAT
Answer: AC

363. In the process of establishing IPSec VPN between the peers FW_A and FW_B, two types of security
associations need to be established in two stages. In the first stage, establish ____ to verify the identity of
the peers.
A. IKE SA
Answer: A

364.Using the _____ method of the web proxy, the virtual gateway encrypts the real URL that the user
wants to access and can adapt to different terminal types.
A. Web rewriting
Answer: A

365. Digital envelope technology means that the sender encrypts the data with the receiver's public key,
and then sends the ciphertext to the receiver.
A. TRUE
B. FALSE
Answer: B

366. IPSec VPN uses an asymmetric algorithm to calculate the ______ key to encrypt data messages.
A. Symmetry
Answer: A

367. When IPSec VPN uses tunnel mode to encapsulate packets, which of the following is not in the
encryption scope of the ESP security protocol?
A. ESP Header
B. TCP Header
C. Raw IP Header
D. ESP Tail
Answer: A

368. Database operation records can be used as evidence of _______ for retrospective security incidents.
A. Electronics
Answer: A

369. Drag the stages of cybersecurity emergency response on the left into the box on the right, and
arrange them from top to bottom in the order of execution.

Answer:

370. Drag the early warning levels of the network security emergency response on the left into the box on
the right, and arrange them from top to bottom in order of severity.

Answer:

371. According to the requirements of level protection, which of the following behaviors belong to the
scope of information security operation and maintenance management? (Multiple choice)
A. Participate in information security training
B. Back up or restore data
C. Develop an emergency response plan
D. Harden the security of the host
Answer: ABCD

371. In the TCP/IP protocol core, which of the following protocols works at the application layer?
A. IGMP
B. ICMP
C. RIP
D. ARP
Answer: C

372. When using the passive mode to establish an FTP connection, use port 20 for the control channel
and port 21 for the data channel.
A. True
B. False
Answer: B

374. In the Linux system, which of the following commands is used to query IP address information?
A. ifconfig
B. display ip interface brief
C. ipconfig
D. display ip
Answer: A

375. Which of the following is not included in the trigger authentication method for firewall access user
authentication?
A. MPLS VPN
B. SSL VPN
C. IPSec VPN
D. L2TP VPN
Answer: A

376. ______ is to configure user information (including the user name, password and various attributes of
the local user) on the network access server. The advantage is that it is fast.
A. Local authentication
Answer: A

377. Which of the following description is wrong about the main implementation of Single Sign On?
A. Accept PC message mode
B. Query the security log mode of the AD server
C. Query syslog server mode
D. The firewall monitors AD authentication packets
Answer: C

378. We should choose the encryption algorithm according to our own characteristics. When we need to
encrypt a large amount of data, it is recommended to use the _____ encryption algorithm to improve the
speed of encryption and decryption.
A. Symmetry
Answer: A

379. To use AH+ESP protocol to encapsulate IP packets, how many IPSec SAs need to be established?
A. 1
B. 2
C. 3
D. 4
Answer: D

380. Please order the following steps about the PKI life cycle correctly

Answer:

381. Drag the stages of cybersecurity emergency response on the left into the box on the right, and
arrange them from top to bottom in the order of execution.

Answer:

382. Match the following survey methods and descriptions one by one.

Answer:

383. The goal of ______ is to provide a quick, calm and effective response in an emergency, thereby
enhancing the company’s ability to immediately recover from a destructive event.
A. Business Continuity Plan
Answer: A

384. Social engineering is a kind of harmful means such as deception and harm through psychological
traps such as psychological weakness, instinctual reaction, curiosity, trust, and greed of the victim.
A. TRUE
B. FALSE
Answer: A

385. An engineer needs to back up the firewall configuration. Now he wants to use one command to view
all the current configuration of the firewall. What command does he use?
A. display current-configuration
Answer: A

386. Please match the following information security risks with information security incidents one by one.

Answer:

387. Under normal circumstances, the email protocols we often talk about include _____, POP3, SMTP
A. IMAP
Answer: A

388. 1. The enterprise needs to have its own dedicated mailbox, and the sending and receiving of mail
needs to go through the enterprise's server;
2. The server must provide file transfer and access services, and provide accounts with different
permissions for users in different departments of the enterprise;
3. The enterprise can directly enter the domain name in the browser when accessing the internal
webpage of the enterprise.
To meet the above requirements, which of the following servers does the enterprise need to deploy?
(Multiple choice)
A. Time synchronization server
B. FTP server
C. DNS server
D. Mail server
Answer: BCD

389. The triggering methods of the built-in Portal authentication of the firewall include pre-authentication
and ______ authentication
A. Conversation
Answer: A

390. In the authentication policy of the firewall, ______ allows users to obtain the corresponding
relationship between the user and IP without entering a user name and password, so as to perform policy
management based on the user.
A. Certification-free
Answer: A

391. Which of the following is not the default security zone of the firewall?
A. untrust trust
B. trust zone
C. dmz zone
D. isp zone
Answer: D

392. Which of the following descriptions about the heartbeat interface is wrong?
A. It is recommended to configure at least 2 heartbeat interfaces. One heartbeat interface is used as the
master, and the other heartbeat interface is used as the backup.
B. The interface MTU value greater than 1500 cannot be used as a heartbeat interface
C. The connection method of the heartbeat interface can be direct connection, or connection through a
switch or router
D. MGMT interface (GigabitEthernet 0/0/0) cannot be used as a heartbeat interface
Answer: B

393. Which of the following factors are related to the initial priority of the USG9500 VGMP group? (Multiple
choice)
A. Interface bandwidth
B. VRRP priority
C. Number of sub-cards on the interface board
D. The number of CPUs on the service board
Answer: CD

394. After the company’s network administrator has configured dual-system hot backup, he can view
VRRP and other information through commands, and get the following information
HRP_M<FWA>
Gigabit Ethernet 0/0/3 Virtual Router 1
State: Master
Virtual IP: 10.3.0.3
Master IP: 10.3.0.1
Priority Run: 120
Priority Config: 100
Master Priority: 120
Preempt: YES Delay Time: 0s
Timer Run: 60s
Timer Config: 60s
Auth type: NONE
Virtual MAC: 0000-5e00-0101
Check TIL: YES
Config type: vgmp Vrrp
Backup-forward:disabled
Create time:2020-03-17 17:35:54UTC+08:02
Last change time: 2020-03-22 16:01:56 UTC+08:02
The command typed in the blank to view this information is _____
A. display vmp
Answer: A

395. The administrator connects to the firewall through the G 1/0/0 interface (the interface has been added
to the Trust Zone). If the administrator is allowed to log in to the firewall through G1/0/0 for configuration
management, how to configure the direction of traffic released in the security policy?
A. Release the traffic from Trust Zone to Trust Zone
B. Release the traffic from Trust Zone to Untrust Zone
C. Release the traffic from Local Zone to Local Zone
D. Release the traffic from Trust Zone to Local Zone
Answer: D

395. Which of the following protocols does not belong to the protocol type that ASPF can detect?
A. MSTP
B. FTP
C. DNS
D. PPTP
Answer: A

397. After the company’s network administrator has configured the dual-system hot backup, he wants to
check the status of the current VGMP group, so he typed in the command to display the following
information
HRP_M<FW_A>__
Role: active, peer: active
Running priority: 45000, peer: 45000
Backup channel usage: 30X
Stable time: 1 days, 13 hours, 35 minutes
Last state change information: 2020-03-2216:01:56 HRP core state changed, old_state = normal
(active), new_state=normal
(active) .1ocalpriority F 4
peer_priority = 45000.
Configuration:
hello interval: 1000ms
preempt: 60s
mirror configuration: off
mirror session: on
track trunk member: on
auto-sync configuration: on
auto-sync connection-status: on
adjust ospf cost: on
adjust ospfv3-cost: on
adjust bgp-cost: on
nat resource: off
Detail information:
Gigabit Ethernet 0/0/1: up
Gigabit Ethernet 0/0/3: up
ospf-cost: +0
Then the command he typed in the blank is________.
A. display hrp state verbose
Answer: A

398. When IPSec VPN uses transport mode to encapsulate packets, which of the following is not in the
certification scope of the ESP security protocol?
A. ESP Header
B. IP Header
C. ESP Tail
D. TCP Header
Answer: B

399. As shown in the figure, when using Client-Initiated VPN to establish L2TP VPN, which of the following
is the end point of PPP packets?

A. Access users
B. LNS
C. LAC
D. Server
Answer: B

399. Please order the following digital envelope encryption and decryption processes correctly.

Answer:

401. Digital envelope refers to the data obtained after the sender uses the receiver's ______ to encrypt the
symmetric key.
A. Public key
Answer: A

402. Which of the following VPNs cannot be used in Site-to-Site scenarios?
A. GRE VPN
B. L2TP VPN
C. SSL VPN
D. IPSEC VPN
Answer: C

403. Which of the following options is not a passive means of obtaining information?
A. Port scan
B. Port mirroring
C. Capture
D. Collect logs
Answer: C

404. Which of the following does not belong to the log format of the firewall?
A. Binary format
B. net flow format
C. ASCII encoding format
D. Syslog format
Answer: C
